Schema

Server Configuration

Describes the environment variables required to run the server.

Name	Required	Description	Default
`MCP_PORT`	No	Port for WebSocket transport	8000
`MCP_LOG_LEVEL`	No	Logging level	INFO
`MCP_TRANSPORT`	No	Transport method (stdio/websocket)	stdio
`DATADOG_API_KEY`	Yes	Your Datadog API key
`DATADOG_APP_KEY`	Yes	Your Datadog application key
`DATADOG_TIMEOUT`	No	Request timeout in seconds	30
`DATADOG_BASE_URL`	No	Datadog API endpoint URL (varies by region)	https://api.datadoghq.com
`MCP_ENABLE_SECURITY_FILTERING`	No	Enable read-only filtering	true

Prompts

Interactive templates invoked by user choice

Name	Description
No prompts

Resources

Contextual data attached and managed by the client

Name	Description
No resources

Tools

Functions exposed to the LLM to take actions

Name	Description
ListAPIKeys	List all API keys available for your account. Query Parameters: page[size]: Size for a given page. The maximum allowed value is 100. page[number]: Specific page number to return. sort: API key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign. filter: Filter API keys by the specified string. filter[created_at][start]: Only include API keys created on or after the specified date. filter[created_at][end]: Only include API keys created on or before the specified date. filter[modified_at][start]: Only include API keys modified on or after the specified date. filter[modified_at][end]: Only include API keys modified on or before the specified date. include: Comma separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `modified_by`. filter[remote_config_read_enabled]: Filter API keys by remote config read enabled status. filter[category]: Filter API keys by category. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of API keys. included: Array of objects related to the API key. Example: { "data": [ "unknown_type" ], "included": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListSpansMetrics	Get the list of configured span-based metrics with their definitions. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: A list of span-based metric objects. Example: { "data": [ "unknown_type" ] } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetSpansMetric	Get a specific span-based metric from your organization. Path Parameters: metric_id (Required): The name of the span-based metric. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListApmRetentionFilters	Get the list of APM retention filters. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: A list of retention filters objects. Example: { "data": [ "unknown_type" ] } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetApmRetentionFilter	Get an APM retention filter. Path Parameters: filter_id (Required): The ID of the retention filter. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListApplicationKeys	List all application keys available for your org Query Parameters: page[size]: Size for a given page. The maximum allowed value is 100. page[number]: Specific page number to return. sort: Application key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign. filter: Filter application keys by the specified string. filter[created_at][start]: Only include application keys created on or after the specified date. filter[created_at][end]: Only include application keys created on or before the specified date. include: Resource path for related resources to include in the response. Only `owned_by` is supported. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of application keys. included: Array of objects related to the application key. Example: { "data": [ "unknown_type" ], "included": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListDowntimes	Get all scheduled downtimes. Query Parameters: current_only: Only return downtimes that are active when the request is made. include: Comma-separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `monitor`. page[offset]: Specific offset to use as the beginning of the returned page. page[limit]: Maximum number of downtimes in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: An array of downtimes. included: Array of objects related to the downtimes. Example: { "data": [ "unknown_type" ], "included": [ "unknown_type" ], "meta": "unknown_type" } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetDowntime	Get downtime detail by `downtime_id`. Path Parameters: downtime_id (Required): ID of the downtime to fetch. Query Parameters: include: Comma-separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `monitor`. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: included: Array of objects related to the downtime that the user requested. Example: { "data": "unknown_type", "included": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListIncidents	Get all incidents for the user's organization. Query Parameters: include: Specifies which types of related objects should be included in the response. page[size]: Size for a given page. The maximum allowed value is 100. page[offset]: Specific offset to use as the beginning of the returned page. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: An array of incidents. included: Included related resources that the user requested. Example: { "data": [ { "attributes": { "created": "2020-04-21T15:34:08.627205+00:00", "creation_idempotency_key": null, "customer_impact_duration": 0, "customer_impact_end": null, "customer_impact_scope": null, "customer_impact_start": null, "customer_impacted": false, "detected": "2020-04-14T00:00:00+00:00", "incident_type_uuid": "00000000-0000-0000-0000-000000000001", "modified": "2020-09-17T14:16:58.696424+00:00", "public_id": 1, "resolved": null, "severity": "SEV-1", "time_to_detect": 0, "time_to_internal_response": 0, "time_to_repair": 0, "time_to_resolve": 0, "title": "Example Incident" }, "id": "00000000-aaaa-0000-0000-000000000000", "relationships": { "attachments": { "data": [ { "id": "00000000-9999-0000-0000-000000000000", "type": "incident_attachments" }, { "id": "00000000-1234-0000-0000-000000000000", "type": "incident_attachments" } ] }, "commander_user": { "data": { "id": "00000000-0000-0000-cccc-000000000000", "type": "users" } }, "created_by_user": { "data": { "id": "00000000-0000-0000-cccc-000000000000", "type": "users" } }, "integrations": { "data": [ { "id": "00000000-0000-0000-4444-000000000000", "type": "incident_integrations" }, { "id": "00000000-0000-0000-5555-000000000000", "type": "incident_integrations" } ] }, "last_modified_by_user": { "data": { "id": "00000000-0000-0000-cccc-000000000000", "type": "users" } } }, "type": "incidents" }, { "attributes": { "created": "2020-04-21T15:34:08.627205+00:00", "creation_idempotency_key": null, "customer_impact_duration": 0, "customer_impact_end": null, "customer_impact_scope": null, "customer_impact_start": null, "customer_impacted": false, "detected": "2020-04-14T00:00:00+00:00", "incident_type_uuid": "00000000-0000-0000-0000-000000000002", "modified": "2020-09-17T14:16:58.696424+00:00", "public_id": 2, "resolved": null, "severity": "SEV-5", "time_to_detect": 0, "time_to_internal_response": 0, "time_to_repair": 0, "time_to_resolve": 0, "title": "Example Incident 2" }, "id": "00000000-1111-0000-0000-000000000000", "relationships": { "attachments": { "data": [ { "id": "00000000-9999-0000-0000-000000000000", "type": "incident_attachments" } ] }, "commander_user": { "data": { "id": "00000000-aaaa-0000-0000-000000000000", "type": "users" } }, "created_by_user": { "data": { "id": "00000000-aaaa-0000-0000-000000000000", "type": "users" } }, "integrations": { "data": [ { "id": "00000000-0000-0000-0001-000000000000", "type": "incident_integrations" }, { "id": "00000000-0000-0000-0002-000000000000", "type": "incident_integrations" } ] }, "last_modified_by_user": { "data": { "id": "00000000-aaaa-0000-0000-000000000000", "type": "users" } } }, "type": "incidents" } ], "included": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListIncidentTypes	Get all incident types. Query Parameters: include_deleted: Include deleted incident types in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: An array of incident type objects. Example: { "data": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetIncidentType	Get incident type details. Path Parameters: incident_type_id (Required): The UUID of the incident type. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
SearchIncidents	Search for incidents matching a certain query. Query Parameters: include: Specifies which types of related objects should be included in the response. query (Required): Specifies which incidents should be returned. The query can contain any number of incident facets joined by `ANDs`, along with multiple values for each of those facets joined by `OR`s. For example: `state:active AND severity:(SEV-2 OR SEV-1)`. sort: Specifies the order of returned incidents. page[size]: Size for a given page. The maximum allowed value is 100. page[offset]: Specific offset to use as the beginning of the returned page. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: included: Included related resources that the user requested. Example: { "data": "unknown_type", "included": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetIncident	Get the details of an incident by `incident_id`. Path Parameters: incident_id (Required): The UUID of the incident. Query Parameters: include: Specifies which types of related objects should be included in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: included: Included related resources that the user requested. Example: { "data": "unknown_type", "included": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListIncidentAttachments	Get all attachments for a given incident. Path Parameters: incident_id (Required): The UUID of the incident. Query Parameters: include: Specifies which types of related objects are included in the response. filter[attachment_type]: Specifies which types of attachments are included in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: An array of incident attachments. included: Included related resources that the user requested. Example: { "data": [ { "attributes": { "attachment": { "documentUrl": "", "title": "Postmortem IR-123" }, "attachment_type": "postmortem" }, "id": "00000000-abcd-0002-0000-000000000000", "relationships": { "last_modified_by_user": { "data": { "id": "00000000-0000-0000-cccc-000000000000", "type": "users" } } }, "type": "incident_attachments" } ], "included": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListIncidentIntegrations	Get all integration metadata for an incident. Path Parameters: incident_id (Required): The UUID of the incident. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: An array of incident integration metadata. included: Included related resources that the user requested. Example: { "data": [ "unknown_type" ], "included": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetIncidentIntegration	Get incident integration metadata details. Path Parameters: incident_id (Required): The UUID of the incident. integration_metadata_id (Required): The UUID of the incident integration metadata. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: included: Included related resources that the user requested. Example: { "data": "unknown_type", "included": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListIncidentTodos	Get all todos for an incident. Path Parameters: incident_id (Required): The UUID of the incident. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: An array of incident todos. included: Included related resources that the user requested. Example: { "data": [ "unknown_type" ], "included": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetIncidentTodo	Get incident todo details. Path Parameters: incident_id (Required): The UUID of the incident. todo_id (Required): The UUID of the incident todo. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: included: Included related resources that the user requested. Example: { "data": "unknown_type", "included": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetLogsArchiveOrder	Get the current order of your archives. This endpoint takes no JSON arguments. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListLogsArchives	Get the list of configured logs archives with their definitions. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: A list of archives. Example: { "data": [ "unknown_type" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetLogsArchive	Get a specific archive from your organization. Path Parameters: archive_id (Required): The ID of the archive. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListArchiveReadRoles	Returns all read roles a given archive is restricted to. Path Parameters: archive_id (Required): The ID of the archive. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of returned roles. Example: { "data": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListLogsCustomDestinations	Get the list of configured custom destinations in your organization with their definitions. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: A list of custom destinations. Example: { "data": [ "unknown_type" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetLogsCustomDestination	Get a specific custom destination in your organization. Path Parameters: custom_destination_id (Required): The ID of the custom destination. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListLogsMetrics	Get the list of configured log-based metrics with their definitions. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: A list of log-based metric objects. Example: { "data": [ "unknown_type" ] } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetLogsMetric	Get a specific log-based metric from your organization. Path Parameters: metric_id (Required): The name of the log-based metric. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListLogsGet	List endpoint returns logs that match a log search query. Results are paginated. Use this endpoint to search and filter your logs. If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See Datadog Logs Archive documentation. Query Parameters: filter[query]: Search query following logs syntax. filter[indexes]: For customers with multiple indexes, the indexes to search. Defaults to '' which means all indexes filter[from]: Minimum timestamp for requested logs. filter[to]: Maximum timestamp for requested logs. filter[storage_tier]: Specifies the storage type to be used sort: Order of logs in results. page[cursor]: List following results with a cursor provided in the previous query. page[limit]: Maximum number of logs in the response. Responses:* 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of logs matching the request. Example: { "data": [ "unknown_type" ], "links": "unknown_type", "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListTagConfigurations	Returns all metrics that can be configured in the Metrics Summary page or with Metrics without Limits™ (matching additional filters if specified). Optionally, paginate by using the `page[cursor]` and/or `page[size]` query parameters. To fetch the first page, pass in a query parameter with either a valid `page[size]` or an empty cursor like `page[cursor]=`. To fetch the next page, pass in the `next_cursor` value from the response as the new `page[cursor]` value. Once the `meta.pagination.next_cursor` value is null, all pages have been retrieved. Query Parameters: filter[configured]: Filter custom metrics that have configured tags. filter[tags_configured]: Filter tag configurations by configured tags. filter[metric_type]: Filter metrics by metric type. filter[include_percentiles]: Filter distributions with additional percentile aggregations enabled or disabled. filter[queried]: (Preview) Filter custom metrics that have or have not been queried in the specified window[seconds]. If no window is provided or the window is less than 2 hours, a default of 2 hours will be applied. filter[tags]: Filter metrics that have been submitted with the given tags. Supports boolean and wildcard expressions. Can only be combined with the filter[queried] filter. filter[related_assets]: (Preview) Filter metrics that are used in dashboards, monitors, notebooks, SLOs. window[seconds]: The number of seconds of look back (from now) to apply to a filter[tag] or filter[queried] query. Default value is 3600 (1 hour), maximum value is 2,592,000 (30 days). page[size]: Maximum number of results returned. page[cursor]: String to query the next page of results. This key is provided with each valid response from the API in `meta.pagination.next_cursor`. Once the `meta.pagination.next_cursor` key is null, all pages have been retrieved. Responses: 200 (Success): Success Content-Type: `application/json` Response Properties: data: Array of metrics and metric tag configurations. Example: { "data": [ "unknown_type" ], "links": "unknown_type", "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too Many Requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListActiveMetricConfigurations	List tags and aggregations that are actively queried on dashboards, notebooks, monitors, the Metrics Explorer, and using the API for a given metric name. Path Parameters: metric_name (Required): The name of the metric. Query Parameters: window[seconds]: The number of seconds of look back (from now). Default value is 604,800 (1 week), minimum value is 7200 (2 hours), maximum value is 2,630,000 (1 month). Responses: 200 (Success): Success Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too Many Requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListTagsByMetricName	View indexed tag key-value pairs for a given metric name over the previous hour. Path Parameters: metric_name (Required): The name of the metric. Responses: 200 (Success): Success Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too Many Requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListMetricAssets	Returns dashboards, monitors, notebooks, and SLOs that a metric is stored in, if any. Updated every 24 hours. Path Parameters: metric_name (Required): The name of the metric. Responses: 200 (Success): Success Content-Type: `application/json` Response Properties: included: Array of objects related to the metric assets. Example: { "data": "unknown_type", "included": [ "unknown_type" ] } 400: API error response. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: API error response. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: API error response. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too Many Requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
EstimateMetricsOutputSeries	Returns the estimated cardinality for a metric with a given tag, percentile and number of aggregations configuration using Metrics without Limits™. Path Parameters: metric_name (Required): The name of the metric. Query Parameters: filter[groups]: Filtered tag keys that the metric is configured to query with. filter[hours_ago]: The number of hours of look back (from now) to estimate cardinality with. If unspecified, it defaults to 0 hours. filter[num_aggregations]: Deprecated. Number of aggregations has no impact on volume. filter[pct]: A boolean, for distribution metrics only, to estimate cardinality if the metric includes additional percentile aggregators. filter[timespan_h]: A window, in hours, from the look back to estimate cardinality with. The minimum and default is 1 hour. Responses: 200 (Success): Success Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 400: API error response. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: API error response. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: API error response. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too Many Requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListTagConfigurationByName	Returns the tag configuration for the given metric name. Path Parameters: metric_name (Required): The name of the metric. Responses: 200 (Success): Success Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too Many Requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListVolumesByMetricName	View distinct metrics volumes for the given metric name. Custom metrics generated in-app from other products will return `null` for ingested volumes. Path Parameters: metric_name (Required): The name of the metric. Responses: 200 (Success): Success Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too Many Requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListRoles	Returns all roles, including their names and their unique identifiers. Query Parameters: page[size]: Size for a given page. The maximum allowed value is 100. page[number]: Specific page number to return. sort: Sort roles depending on the given field. Sort order is ascending by default. Sort order is descending if the field is prefixed by a negative sign, for example: `sort=-name`. filter: Filter all roles by the given string. filter[id]: Filter all roles by the given list of role IDs. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of returned roles. Example: { "data": [ "unknown_type" ], "meta": "unknown_type" } 403: Authentication error Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetRole	Get a role in the organization specified by the role’s `role_id`. Path Parameters: role_id (Required): The unique identifier of the role. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 403: Authentication error Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListRolePermissions	Returns a list of all permissions for a single role. Path Parameters: role_id (Required): The unique identifier of the role. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of permissions. Example: { "data": [ "unknown_type" ] } 403: Authentication error Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListRoleUsers	Gets all users of a role. Path Parameters: role_id (Required): The unique identifier of the role. Query Parameters: page[size]: Size for a given page. The maximum allowed value is 100. page[number]: Specific page number to return. sort: User attribute to order results by. Sort order is ascending by default. Sort order is descending if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `email`, `status`. filter: Filter all users by the given string. Defaults to no filtering. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of returned users. included: Array of objects related to the users. Example: { "data": [ "unknown_type" ], "included": [ "unknown_type" ], "meta": "unknown_type" } 403: Authentication error Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListCloudWorkloadSecurityAgentRules	Get the list of agent rules. Note: This endpoint should only be used for the Government (US1-FED) site. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: A list of Agent rules objects Example: { "data": [ "unknown_type" ] } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetCloudWorkloadSecurityAgentRule	Get the details of a specific agent rule. Note: This endpoint should only be used for the Government (US1-FED) site. Path Parameters: agent_rule_id (Required): The ID of the Agent rule Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListSecurityFilters	Get the list of configured security filters with their definitions. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: A list of security filters objects. Example: { "data": [ "unknown_type" ], "meta": "unknown_type" } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetSecurityFilter	Get the details of a specific security filter. See the security filter guide for more examples. Path Parameters: security_filter_id (Required): The ID of the security filter. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type", "meta": "unknown_type" } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListSecurityMonitoringSuppressions	Get the list of all suppression rules. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: A list of suppressions objects. Example: { "data": [ "unknown_type" ] } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetSecurityMonitoringSuppression	Get the details of a specific suppression rule. Path Parameters: suppression_id (Required): The ID of the suppression rule Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListSecurityMonitoringRules	List rules. Query Parameters: page[size]: Size for a given page. The maximum allowed value is 100. page[number]: Specific page number to return. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array containing the list of rules. Example: { "data": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetSecurityMonitoringRule	Get a rule's details. Path Parameters: rule_id (Required): The ID of the rule. Responses: 200 (Success): OK Content-Type: `application/json` 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ConvertExistingSecurityMonitoringRule	Convert an existing rule from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule. Path Parameters: rule_id (Required): The ID of the rule. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: terraformContent: Terraform string as a result of converting the rule from JSON. Example: { "terraformContent": "string" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetRuleVersionHistory	Get a rule's version history. Path Parameters: rule_id (Required): The ID of the rule. Query Parameters: page[size]: Size for a given page. The maximum allowed value is 100. page[number]: Specific page number to return. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListSecurityMonitoringSignals	The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals. Query Parameters: filter[query]: The search query for security signals. filter[from]: The minimum timestamp for requested security signals. filter[to]: The maximum timestamp for requested security signals. sort: The order of the security signals in results. page[cursor]: A list of results using the cursor provided in the previous query. page[limit]: The maximum number of security signals in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: An array of security signals matching the request. Example: { "data": [ "unknown_type" ], "links": "unknown_type", "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Not Authorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetSecurityMonitoringSignal	Get a signal's details. Path Parameters: signal_id (Required): The ID of the signal. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListIncidentServices	Get all incident services uploaded for the requesting user's organization. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services. Query Parameters: include: Specifies which types of related objects should be included in the response. page[size]: Size for a given page. The maximum allowed value is 100. page[offset]: Specific offset to use as the beginning of the returned page. filter: A search query that filters services by name. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: An array of incident services. included: Included related resources which the user requested. Example: { "data": [ { "id": "00000000-0000-0000-0000-000000000000", "type": "services" } ], "included": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListServiceDefinitions	Get a list of all service definitions from the Datadog Service Catalog. Query Parameters: page[size]: Size for a given page. The maximum allowed value is 100. page[number]: Specific page number to return. schema_version: The schema version desired in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Data representing service definitions. Example: { "data": [ "unknown_type" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetServiceDefinition	Get a single service definition from the Datadog Service Catalog. Path Parameters: service_name (Required): The name of the service. Query Parameters: schema_version: The schema version desired in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 409: Conflict Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetIncidentService	Get details of an incident service. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services. Path Parameters: service_id (Required): The ID of the incident service. Query Parameters: include: Specifies which types of related objects should be included in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: included: Included objects from relationships. Example: { "data": "unknown_type", "included": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListSpansGet	List endpoint returns spans that match a span search query. Results are paginated. Use this endpoint to see your latest spans. This endpoint is rate limited to `300` requests per hour. Query Parameters: filter[query]: Search query following spans syntax. filter[from]: Minimum timestamp for requested spans. Supports date-time ISO8601, date math, and regular timestamps (milliseconds). filter[to]: Maximum timestamp for requested spans. Supports date-time ISO8601, date math, and regular timestamps (milliseconds). sort: Order of spans in results. page[cursor]: List following results with a cursor provided in the previous query. page[limit]: Maximum number of spans in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of spans matching the request. Example: { "data": [ "unknown_type" ], "links": "unknown_type", "meta": "unknown_type" } 400: Bad Request. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "unknown_type" ] } 403: Forbidden: Access denied. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "unknown_type" ] } 422: Unprocessable Entity. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "unknown_type" ] } 429: Too many requests: The rate limit set by the API has been exceeded. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "unknown_type" ] }
GetOnDemandConcurrencyCap	Get the on-demand concurrency cap. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: Example: { "data": "unknown_type" } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListIncidentTeams	Get all incident teams for the requesting user's organization. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident teams. Query Parameters: include: Specifies which types of related objects should be included in the response. page[size]: Size for a given page. The maximum allowed value is 100. page[offset]: Specific offset to use as the beginning of the returned page. filter: A search query that filters teams by name. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: An array of incident teams. included: Included related resources which the user requested. Example: { "data": [ { "attributes": { "name": "team name" }, "id": "00000000-7ea3-0000-0000-000000000000", "type": "teams" } ], "included": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetIncidentTeam	Get details of an incident team. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident teams. Path Parameters: team_id (Required): The ID of the incident team. Query Parameters: include: Specifies which types of related objects should be included in the response. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: included: Included objects from relationships. Example: { "data": "unknown_type", "included": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 401: Unauthorized Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not Found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetUsageApplicationSecurityMonitoring	Get hourly usage for application security . Note: This endpoint has been deprecated. Hourly usage data for all products is now available in the Get hourly usage by product family API Query Parameters: start_hr (Required): Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour. end_hr: Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending before this hour. Responses: 200 (Success): OK Content-Type: `application/json;datetime-format=rfc3339` Response Properties: data: Response containing Application Security Monitoring usage. Example: { "data": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden - User is not authorized Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetBillingDimensionMapping	Get a mapping of billing dimensions to the corresponding keys for the supported usage metering public API endpoints. Mapping data is updated on a monthly cadence. This endpoint is only accessible to parent-level organizations. Query Parameters: filter[month]: Datetime in ISO-8601 format, UTC, and for mappings beginning this month. Defaults to the current month. filter[view]: String to specify whether to retrieve active billing dimension mappings for the contract or for all available mappings. Allowed views have the string `active` or `all`. Defaults to `active`. Responses: 200 (Success): OK Content-Type: `application/json;datetime-format=rfc3339` Response Properties: Example: { "data": "unknown_type" } 400: Bad Request Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden - User is not authorized Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetCostByOrg	Get cost across multi-org account. Cost by org data for a given month becomes available no later than the 16th of the following month. Note: This endpoint has been deprecated. Please use the new endpoint `/historical_cost` instead. This endpoint is only accessible for parent-level organizations. Query Parameters: start_month (Required): Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month. end_month: Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month. Responses: 200 (Success): OK Content-Type: `application/json;datetime-format=rfc3339` Response Properties: data: Response containing Chargeback Summary. Example: { "data": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden - User is not authorized Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetEstimatedCostByOrg	Get estimated cost across multi-org and single root-org accounts. Estimated cost data is only available for the current month and previous month and is delayed by up to 72 hours from when it was incurred. To access historical costs prior to this, use the `/historical_cost` endpoint. This endpoint is only accessible for parent-level organizations. Query Parameters: view: String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`. start_month: Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month. Either start_month or start_date should be specified, but not both. (start_month cannot go beyond two months in the past). Provide an `end_month` to view month-over-month cost. end_month: Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month. start_date: Datetime in ISO-8601 format, UTC, precise to day: `[YYYY-MM-DD]` for cost beginning this day. Either start_month or start_date should be specified, but not both. (start_date cannot go beyond two months in the past). Provide an `end_date` to view day-over-day cumulative cost. end_date: Datetime in ISO-8601 format, UTC, precise to day: `[YYYY-MM-DD]` for cost ending this day. include_connected_accounts: Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to `false`. Responses: 200 (Success): OK Content-Type: `application/json;datetime-format=rfc3339` Response Properties: data: Response containing Chargeback Summary. Example: { "data": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden - User is not authorized Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetHistoricalCostByOrg	Get historical cost across multi-org and single root-org accounts. Cost data for a given month becomes available no later than the 16th of the following month. This endpoint is only accessible for parent-level organizations. Query Parameters: view: String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`. start_month (Required): Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month. end_month: Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month. include_connected_accounts: Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to `false`. Responses: 200 (Success): OK Content-Type: `application/json;datetime-format=rfc3339` Response Properties: data: Response containing Chargeback Summary. Example: { "data": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden - User is not authorized Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetHourlyUsage	Get hourly usage by product family. Query Parameters: filter[timestamp][start] (Required): Datetime in ISO-8601 format, UTC, precise to hour: [YYYY-MM-DDThh] for usage beginning at this hour. filter[timestamp][end]: Datetime in ISO-8601 format, UTC, precise to hour: [YYYY-MM-DDThh] for usage ending before this hour. filter[product_families] (Required): Comma separated list of product families to retrieve. Available families are `all`, `analyzed_logs`, `application_security`, `audit_trail`, `serverless`, `ci_app`, `cloud_cost_management`, `cloud_siem`, `csm_container_enterprise`, `csm_host_enterprise`, `cspm`, `custom_events`, `cws`, `dbm`, `error_tracking`, `fargate`, `infra_hosts`, `incident_management`, `indexed_logs`, `indexed_spans`, `ingested_spans`, `iot`, `lambda_traced_invocations`, `logs`, `network_flows`, `network_hosts`, `network_monitoring`, `observability_pipelines`, `online_archive`, `profiling`, `rum`, `rum_browser_sessions`, `rum_mobile_sessions`, `sds`, `snmp`, `software_delivery`, `synthetics_api`, `synthetics_browser`, `synthetics_mobile`, `synthetics_parallel_testing`, `timeseries`, `vuln_management`, and `workflow_executions`. The following product family has been deprecated: `audit_logs`. filter[include_descendants]: Include child org usage in the response. Defaults to false. filter[include_connected_accounts]: Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to false. filter[include_breakdown]: Include breakdown of usage by subcategories where applicable (for product family logs only). Defaults to false. filter[versions]: Comma separated list of product family versions to use in the format `product_family:version`. For example, `infra_hosts:1.0.0`. If this parameter is not used, the API will use the latest version of each requested product family. Currently all families have one version `1.0.0`. page[limit]: Maximum number of results to return (between 1 and 500) - defaults to 500 if limit not specified. page[next_record_id]: List following results with a next_record_id provided in the previous query. Responses: 200 (Success): OK Content-Type: `application/json;datetime-format=rfc3339` Response Properties: data: Response containing hourly usage. Example: { "data": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden - User is not authorized Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetUsageLambdaTracedInvocations	Get hourly usage for Lambda traced invocations. Note: This endpoint has been deprecated.. Hourly usage data for all products is now available in the Get hourly usage by product family API Query Parameters: start_hr (Required): Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour. end_hr: Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending before this hour. Responses: 200 (Success): OK Content-Type: `application/json;datetime-format=rfc3339` Response Properties: data: Response containing Lambda Traced Invocations usage. Example: { "data": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden - User is not authorized Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetUsageObservabilityPipelines	Get hourly usage for observability pipelines. Note: This endpoint has been deprecated. Hourly usage data for all products is now available in the Get hourly usage by product family API Query Parameters: start_hr (Required): Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour. end_hr: Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending before this hour. Responses: 200 (Success): OK Content-Type: `application/json;datetime-format=rfc3339` Response Properties: data: Response containing Observability Pipelines usage. Example: { "data": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden - User is not authorized Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetProjectedCost	Get projected cost across multi-org and single root-org accounts. Projected cost data is only available for the current month and becomes available around the 12th of the month. This endpoint is only accessible for parent-level organizations. Query Parameters: view: String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`. include_connected_accounts: Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to `false`. Responses: 200 (Success): OK Content-Type: `application/json;datetime-format=rfc3339` Response Properties: data: Response containing Projected Cost. Example: { "data": [ "unknown_type" ] } 400: Bad Request Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Forbidden - User is not authorized Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json;datetime-format=rfc3339` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListUsers	Get the list of all users in the organization. This list includes all users even if they are deactivated or unverified. Query Parameters: page[size]: Size for a given page. The maximum allowed value is 100. page[number]: Specific page number to return. sort: User attribute to order results by. Sort order is ascending by default. Sort order is descending if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `modified_at`, `user_count`. sort_dir: Direction of sort. Options: `asc`, `desc`. filter: Filter all users by the given string. Defaults to no filtering. filter[status]: Filter on status attribute. Comma separated list, with possible values `Active`, `Pending`, and `Disabled`. Defaults to no filtering. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of returned users. included: Array of objects related to the users. Example: { "data": [ "unknown_type" ], "included": [ "unknown_type" ], "meta": "unknown_type" } 400: Bad Request Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 403: Authentication error Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetUser	Get a user in the organization specified by the user’s `user_id`. Path Parameters: user_id (Required): The ID of the user. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: included: Array of objects related to the user. Example: { "data": "unknown_type", "included": [ "unknown_type" ] } 403: Authentication error Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListUserOrganizations	Get a user organization. Returns the user information and all organizations joined by this user. Path Parameters: user_id (Required): The ID of the user. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: included: Array of objects related to the user. Example: { "data": "unknown_type", "included": [ "unknown_type" ] } 403: Authentication error Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
ListUserPermissions	Get a user permission set. Returns a list of the user’s permissions granted by the associated user's roles. Path Parameters: user_id (Required): The ID of the user. Responses: 200 (Success): OK Content-Type: `application/json` Response Properties: data: Array of permissions. Example: { "data": [ "unknown_type" ] } 403: Authentication error Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 404: Not found Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }
GetUserMemberships	Get a list of memberships for a user Path Parameters: user_uuid (Required): None Responses: 200 (Success): Represents a user's association to a team Content-Type: `application/json` Response Properties: data: Team memberships response data included: Resources related to the team memberships Example: { "data": [ "unknown_type" ], "included": [ "unknown_type" ], "links": "unknown_type" } 404: API error response. Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] } 429: Too many requests Content-Type: `application/json` Response Properties: errors: A list of errors. Example: { "errors": [ "Bad Request" ] }

Server Configuration

Schema

Prompts

Resources

Tools

MCP directory API